I need to disable WebDAV Http extensions on my IIS 6.0 server. I found this Microsoft link on how to do this on IIS 5.0:
http://support.microsoft.com/kb/241520
I've tried the registry settings approach, but I can still open my WSS 3.0 site using File->Open -> Open as Web Folder option.
Also, the IIS Lockdown tool is only or IIS 4.0, 5.0.
I really wish it were that simple. I've disabled WebDAV extensions from Web server extensions node, but my WSS 3.0 site can still be opened using win explorer. I did mention I have SharePoint Services 3.0 installed, did I?
On MSDN forums I was told to look somewhere else too :) http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3328705&SiteID=1
I've tried all sorts of things now, from IIS 5.0 registry settings, to IIS manager web server extensions, and even tried to deny Everyone access to the httpetx.dll from C:\WINDOWS\system32\inetsrv... and of course did an iisreset after each change... and
I still can open the WSS web site using DAV client :) There's also the IIS lockdown tool, but that's only for IIS 4.0, 5.0..
It may not be possible. This is probably the same method used by the MS Office apps to connect to SharePoint, which is a key feature. Killing Explorer access would most likely break Office access.
I disabled WebDAV access by prohibiting _vti_aut/author.dll and owssvr.dll from Windows SharePoint Services 3.0 web service extensions. And yes, you are right, disabling owssvr.dll seems to break Office access to the files, while disabling _vti_aut/author.dll
disabled the ability to save the file back to server.
Exact same issue here. I did a lot of digging with no success. Even made a call to Microsoft.
I think that's a big issue, security broblem, whatever you want to call it. If you customize MOSS as we did users can always around it and use webdav to access the folders and library under MOSS..not a good design at all. It seems that there is really no
way around it keeping office integration in mind.
Just wanted to see if you do have the same issue. The problem with my case is that I need to enable SOAP protocol and in the same time disable WebDAV. Now in WSS this is an atomic permission - Use Remote Interfaces. But as far as I know you can disable WebDAV
while keeping "Use Client Integration Features" permission.
Did you try to configure your permissions in such manner?
Or do your customization rule out this possibility?
As you have already seen, disabling the IIS WebDAV module does not affect SharePoint WebDAV because SharePoint imlements its own WebDAV functionality. Rather than attempting to change permissions or deny access to _vti_*** paths through NTFS or IIS I would
suggest using
URLScan to block the WebDAV verbs through [DenyVerbs] and block any paths through [DenyUrlSequences].
saneaprodan
5 Posts
Disable WebDAV protocol on IIS 6.0
May 14, 2008 08:20 AM|saneaprodan|LINK
Hi all,
I need to disable WebDAV Http extensions on my IIS 6.0 server. I found this Microsoft link on how to do this on IIS 5.0: http://support.microsoft.com/kb/241520
I've tried the registry settings approach, but I can still open my WSS 3.0 site using File->Open -> Open as Web Folder option.
Also, the IIS Lockdown tool is only or IIS 4.0, 5.0.
So how does one disable WebDav in IIS 6.0?
IIS 6.0 WebDav
tomkmvp
9756 Posts
MVP
Moderator
Re: Disable WebDAV protocol on IIS 6.0
May 14, 2008 09:04 AM|tomkmvp|LINK
Simple ... do not enable WebDAV in the web services configuration.
http://support.microsoft.com/kb/332060
http://mvp.support.microsoft.com/
saneaprodan
5 Posts
Re: Disable WebDAV protocol on IIS 6.0
May 14, 2008 09:19 AM|saneaprodan|LINK
I really wish it were that simple. I've disabled WebDAV extensions from Web server extensions node, but my WSS 3.0 site can still be opened using win explorer. I did mention I have SharePoint Services 3.0 installed, did I?
Am I the only one with this behavior?
tomkmvp
9756 Posts
MVP
Moderator
Re: Disable WebDAV protocol on IIS 6.0
May 14, 2008 04:09 PM|tomkmvp|LINK
Ahh yes, WSS does strange things to IIS. You may get a better response in a WSS specific forum ...
http://mvp.support.microsoft.com/
saneaprodan
5 Posts
Re: Disable WebDAV protocol on IIS 6.0
May 14, 2008 04:23 PM|saneaprodan|LINK
On MSDN forums I was told to look somewhere else too :) http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3328705&SiteID=1
I've tried all sorts of things now, from IIS 5.0 registry settings, to IIS manager web server extensions, and even tried to deny Everyone access to the httpetx.dll from C:\WINDOWS\system32\inetsrv... and of course did an iisreset after each change... and I still can open the WSS web site using DAV client :) There's also the IIS lockdown tool, but that's only for IIS 4.0, 5.0..
This is very, very strange...
tomkmvp
9756 Posts
MVP
Moderator
Re: Disable WebDAV protocol on IIS 6.0
May 15, 2008 08:05 AM|tomkmvp|LINK
It may not be possible. This is probably the same method used by the MS Office apps to connect to SharePoint, which is a key feature. Killing Explorer access would most likely break Office access.
http://mvp.support.microsoft.com/
saneaprodan
5 Posts
Re: Disable WebDAV protocol on IIS 6.0
May 15, 2008 11:00 AM|saneaprodan|LINK
I disabled WebDAV access by prohibiting _vti_aut/author.dll and owssvr.dll from Windows SharePoint Services 3.0 web service extensions. And yes, you are right, disabling owssvr.dll seems to break Office access to the files, while disabling _vti_aut/author.dll disabled the ability to save the file back to server.
Here are some resources on this: http://msdn.microsoft.com/en-us/library/ms947858.aspx. Although out of date, they did help me.
maxtarass
1 Post
Re: Disable WebDAV protocol on IIS 6.0
May 27, 2008 10:35 AM|maxtarass|LINK
Hi
Exact same issue here. I did a lot of digging with no success. Even made a call to Microsoft.
I think that's a big issue, security broblem, whatever you want to call it. If you customize MOSS as we did users can always around it and use webdav to access the folders and library under MOSS..not a good design at all. It seems that there is really no way around it keeping office integration in mind.
saneaprodan
5 Posts
Re: Disable WebDAV protocol on IIS 6.0
May 27, 2008 10:53 AM|saneaprodan|LINK
Thanks for sharing,
Just wanted to see if you do have the same issue. The problem with my case is that I need to enable SOAP protocol and in the same time disable WebDAV. Now in WSS this is an atomic permission - Use Remote Interfaces. But as far as I know you can disable WebDAV while keeping "Use Client Integration Features" permission.
Did you try to configure your permissions in such manner?
Or do your customization rule out this possibility?
jhillenbrand
1 Post
Re: Disable WebDAV protocol on IIS 6.0
Jun 24, 2009 02:39 PM|jhillenbrand|LINK
You also have to go into the NTFS permissions and make sure the WebSharing is turned off. Remove IUSR_Machine from the permissions too.
robmcm
311 Posts
Microsoft
Moderator
Re: Disable WebDAV protocol on IIS 6.0
Jul 15, 2009 03:56 PM|robmcm|LINK
Sorry for the late post on this thread.
As you have already seen, disabling the IIS WebDAV module does not affect SharePoint WebDAV because SharePoint imlements its own WebDAV functionality. Rather than attempting to change permissions or deny access to _vti_*** paths through NTFS or IIS I would suggest using URLScan to block the WebDAV verbs through [DenyVerbs] and block any paths through [DenyUrlSequences].